Showing results for tags 'us government'.



Found 17 results

  1. For the second time, Senator Cory Booker announced a bill to make recreational marijuana use legal across the entire US. The Marijuana Justice Act, which Booker and Representatives Barbara Lee and Ro Khanna announced on Thursday, would not only legalize marijuana but also retroactively erase marijuana possession charges from Americans' criminal records, according to Rolling Stone — a monumental shift in U.S. drug policy. Cory Booker, a 2020 Democratic hopeful, first introduced a similar bill in 2017 that didn't make it out of the Senate. Still, Booker has made it clear that a major component of his presidential bid will center around ending the War on Drugs, which has led to the over-policing and incarceration of racial minorities for nonviolent crimes. "The failed War on Drugs has really been a war on people — disproportionately criminalizing poor people, people of color & people with mental illness," Booker tweeted Thursday morning. "I'm reintroducing the [Marijuana Justice] Act to begin reversing our failed federal drug policies." So far, other Democratic candidates Elizabeth Warren, Bernie Sanders, and Kamala Harris have all co-sponsored Booker's new bill, according to NPR. Meanwhile, Senator Ron Wyden introduced a similar bill earlier this month. A major component of the Marijuana Justice Act is its retroactive effect on people who were previously charged for marijuana possession and either served time in prison or are still incarcerated. The American Civil Liberties Union (ACLU) reports that black people are four times as likely to be arrested for marijuana possession than white people, despite similar rates of drug use. When various states have legalized recreational marijuana, it largely benefited wealthy, white business owners who opened up distribution centers. Meanwhile, black people continued to be arrested at higher rates and the predominantly-black cohort currently in prison remained there, Vox reports. 
If Booker's bill makes it through the Senate this time, those people wouldn't be left behind. The new bill would allow people currently in prison for possession to appeal for re-sentencing. People who already served time would have their criminal records expunged, according to Rolling Stone. "It's not enough to simply decriminalize marijuana. We must also repair the damage caused by reinvesting in those communities that have been most harmed by the War on Drugs," Booker said in a statement sent to Rolling Stone. "And we must expunge the records of those who have served their time. The end we seek is not just legalization, it's justice." source
  2. WASHINGTON (Reuters) - A partial U.S. government shutdown over President Donald Trump’s demand for $5.7 billion to build a wall along the U.S.-Mexico border entered its 22nd day on Saturday, making it the longest shuttering of federal agencies in U.S. history, with no end in sight. PHOTO: A sign that reads "Federal employees all day happy hour" is displayed at a local bar as the partial U.S. government shutdown enters its third week in Washington, U.S., January 11, 2019. Trump, holed up in the White House with Congress adjourned for the weekend, warned of a much lengthier impasse and blamed the Democrats. “We will be out for a long time unless the Democrats come back from their ‘vacations’ and get back to work,” he tweeted. Democrats say Trump shut the government in a “temper tantrum” by refusing to sign bipartisan funding legislation last year that did not include money for his wall. The closure, which began on Dec. 22, broke a decades-old record by a 1995-1996 shutdown under former President Bill Clinton that lasted 21 days. Federal workers affected missed their first paychecks on Friday, heightening concerns about mounting financial pressures on employees, including air traffic controllers and airport security officials who continue to work without pay. Roughly 800,000 federal workers did not receive paychecks that would have gone out on Friday. Some have resorted to selling their possessions or posting appeals on online fundraising sites to help pay their bills. Miami International Airport said it will close one of its terminals early over the next several days due to a possible shortage of security screeners, who have been calling in sick at twice the normal rate. A union that represents thousands of air traffic controllers sued the Federal Aviation Administration on Friday, saying it had violated federal wage law by failing to pay workers. It is at least the third lawsuit filed by unions on behalf of unpaid workers. The head of the U.S.
Secret Service, which is responsible for protecting Trump, has warned employees that financial stress can lead to depression and anxiety. “Keep an eye out for warning signs of trouble,” Director R.D. “Tex” Alles wrote in a memo seen by Reuters. The Transportation Security Administration, responsible for airport security screening, said its rate of unscheduled absences rose to 5.6 percent on Saturday from 3.3 percent a year ago but that security standards have not been compromised. The Federal Aviation Administration, which oversees air traffic controllers, said on Saturday it had seen no unusual rates of sick leave among its air traffic controllers and no disruptions to air traffic control operations. To support its workforce, TSA said it was processing pay for employees who worked on the first day of the shutdown and announced $500 bonuses for uniformed screening officers. Trump is considering a possible national emergency declaration that would end the shutdown and allow him to obtain his wall funding by circumventing Congress. But on Friday, he said he would not take such a step “right now”. “Democrats should come back to Washington and work to end the Shutdown, while at the same time ending the horrible humanitarian crisis at our Southern Border. I am in the White House waiting for you!” he tweeted. Trump also urged his 57.2 million Twitter followers to contact Democratic lawmakers and “Tell them to get it done!” Democrats, who call a wall an ineffective, outdated answer to a complex problem, have passed several bills in the House of Representatives to reopen the government without funding for Trump’s barrier. But the legislation has been ignored by the Republican-controlled Senate. Trump originally pledged Mexico would pay for the wall, which he says is needed to stem the flow of illegal immigrants and drugs. But Mexico has refused. U.S. government departments including the Treasury, Energy, Commerce and State departments, shut down when funding lapsed on Dec. 
22. Funding for other portions of the government, including the Department of Defense and Congress, was approved, allowing them to continue regular operations. Trump has repeatedly described the situation at the Mexico border as a “humanitarian crisis” as speculation has increased this week that he would circumvent Congress to begin building his signature wall - a move that would be sure to draw a court challenge from Democrats who say the barrier would be barbaric and ineffective. Instead, the president urged lawmakers to provide him the $5.7 billion he is seeking for border security. A national emergency would allow Trump to divert money from other projects to pay for the wall, which was a central promise of his 2016 campaign. That, in turn, could prompt him to sign bills that restore funding to agencies that have been affected by the shutdown. Source
  3. from the COME-DOWN-TO-DATA-KING-FOR-ALL-YOUR-USER-DATA-NEEDS-OPEN-SATURDAY dept

Facebook's new transparency report is up, and the company has released a baker's dozen of National Security Letters along with it. Thanks to the USA Freedom Act, companies finally have a way to challenge the indefinite gag orders the government attaches to its demands for user info -- a process it deploys thousands of times a year without having to run anything by a judge. NSLs are gifts the FBI gives itself. With these self-issued pieces of paper, the agency can demand internet platforms turn over info about targeted accounts. What it can actually demand is fairly limited, although there appears to be no limit to the number of accounts the FBI can target with a single NSL. Many of the NSLs in this batch [PDF] cleared for release ask for data on multiple Facebook and Instagram users. Only one of the released NSLs still carries the pre-Freedom Act boilerplate: the one that demands tons of info the DOJ's own internal legal guidance says the FBI can't ask for. That NSL contains a long list of things the FBI chose to consider "phone billing records" before being steered back to reality by legislation and leaked documents.

  • Subscriber name and related subscriber information
  • Account number(s)
  • Date the account opened or closed
  • Physical and or postal addresses associated with the account
  • Subscriber day/evening telephone numbers
  • Screen names or other on-line names associated with the account
  • All billing and method of payment related to the account including alternative billed numbers or calling cards
  • All e-mail addresses associated with the account to include any and all of the above information for any secondary or additional e-mail addresses and/or user names identified by you as belonging to the targeted account in this letter
  • Internet Protocol (IP) addresses assigned to this account and related e-mail accounts
  • Uniform Resource Locator (URL) assigned to the account
  • Plain old telephone(s) (POTS), ISDN circuit(s), Voice over internet protocol (VOIP), Cable modem service, Internet cable service, Digital Subscriber Line (DSL) asymmetrical/symmetrical relating to this account
  • The names of any and all upstream and providers facilitating this account's communications

The post-USA Freedom Act NSLs all carry identical demands for user info, which is far more limited than what's contained in this 2014 artifact. The reason we're even seeing these NSLs published can be tied directly to the Snowden leaks, which led to the modification of several secretive government programs and policies with the USA Freedom Act. While these modifications may have altered how the government demands data and communications, it hasn't really slowed the government's roll. As Zack Whittaker notes for TechCrunch, the government is demanding more from Facebook more often. If it's data you're seeking, you go to where the data is. A platform with a billion users is a good start, especially when Instagram adds another 600 million user accounts to the mix.
While it's good to see the uptick in demands is matched with an uptick in warrants and other orders that require the input of a court, the continued use of NSLs to acquire user info is concerning. These subpoenas -- issued and approved by the agency demanding user data -- more resemble fishing licenses than legal documents, which explains their continued popularity among FBI agents. Source
  4. US government investigators have lost a case to force Facebook to wiretap calls made over its Messenger app. A joint federal and state law enforcement effort investigating the MS-13 gang had pushed a district court to hold the social networking giant in contempt of court for refusing to permit real-time listening in on voice calls. According to sources speaking to Reuters, the judge later ruled in Facebook’s favor — although, because the case remains under seal, it’s not known for what reason. The case, filed in a Fresno, Calif. district court, centers on alleged gang members accused of murder and other crimes. The government had been pushing to prosecute 16 suspected gang members, but are said to have leaned on Facebook to obtain further evidence. Reuters said that an affidavit submitted by an FBI agent said that “there is no practical method available by which law enforcement can monitor” calls on Facebook Messenger. Although Facebook-owned WhatsApp uses end-to-end encryption to prevent eavesdroppers, not even the company can listen in — which law enforcement have long claimed hinders investigations. But Facebook Messenger doesn’t end-to-end encrypt voice calls, making real-time listening in on calls possible. Although phone companies and telcos are required under US law to allow police and federal agencies access to real-time phone calls with a court-signed wiretap order, internet companies like Facebook fall outside the scope of the law. Privacy advocates saw this case as a way to remove that exemption, accusing the government of trying to backdoor the encrypted app, just two years after the FBI sued Apple over a similar request to break into the encrypted iPhone belonging to San Bernardino shooter Syed Farook. Neither Facebook nor the FBI responded to a request for comment. Source
  5. GAO report takes us inside Equifax from March 2017 onward, showing how a few slip-ups led to one of the biggest breaches in US history

The US Government Accountability Office (GAO) published a report today detailing how the Equifax hack went down and how the credit reporting company answered during and after the incident. The report comes a day before the one-year anniversary of the public announcement of the Equifax breach that exposed the personal details of 145.5 million Americans, but also of millions of British and Canadian citizens. Some of the details included in the report were already known and previously reported, but there was also some new information. Below is a summary of the most important details surrounding the Equifax hack included in GAO's reconstruction of events. On March 8, 2017, the Apache Foundation patches a severe vulnerability (CVE-2017-5638) in the Apache Struts Java framework that at the time was being exploited by hackers to take over applications coded on top of the framework. US-CERT issues a security advisory on the same day, warning companies across the US about this new security flaw. Equifax IT administrators circulate this advisory on an internal mailing list. Unbeknownst to its IT administrators, the mailing list was out-of-date and did not include all its systems administrators, indirectly leading to an incomplete patch of Equifax's servers. Equifax told GAO that on March 10, two days after the US-CERT advisory, it detected attackers scanning its servers for that particular vulnerability. Equifax officials stated that, as a result of this scanning, the unidentified individuals discovered a server housing Equifax's online dispute portal, running a vulnerable Struts version. Attackers gained access to this system, tested the level of access they had, but did not steal anything.
A week after the US-CERT advisory, Equifax staff scans its own systems for the presence of the Struts vulnerability, but the dispute portal does not show up as vulnerable. Hackers return on May 13, and this time, according to the GAO report, they came back with a plan and the proper tools to execute it. During this second intrusion, Equifax says attackers issued queries from the online dispute portal systems to other databases in search of personal data. "This search led to a data repository containing PII, as well as unencrypted usernames and passwords that could provide the attackers access to several other Equifax databases," the report says. This data helped attackers to expand their initial access from three databases to 48. Logs showed attackers then ran approximately 9,000 queries to gather Equifax customer info. The GAO report says this happened because Equifax failed to segment its databases into smaller networks. This, in turn, allowed the attacker direct and easy access to all of its customers' data. "After successfully extracting PII from Equifax databases, the attackers removed the data in small increments, using standard encrypted web protocols to disguise the exchanges as normal network traffic," GAO investigators said. Hackers exfiltrated data for 76 days until July 29, 2017, when Equifax staff discovered the intrusion during routine checks of the operating status and configuration of IT systems. Equifax said that the reason hackers were not detected for 76 days was because a device meant to inspect network traffic had been misconfigured and didn't check encrypted traffic for signs of malicious activity. The reason the device didn't work, Equifax said, was because a digital certificate that would have helped the equipment inspect encrypted traffic had expired about ten months before the breach, preventing the equipment from doing its job. As soon as Equifax staffers renewed the certificate, they immediately saw signs of suspicious activity. 
After investigating what happened and discovering the intrusion, Equifax took down the dispute portal on July 30, 2017, and reported the incident to its CEO the next day. At this point, the company started its internal investigation, which concluded with a public announcement of the breach on September 8, 2017. During preparations for publicly disclosing the breach, various people also learned of the security incident. The US Securities and Exchange Commission (SEC) charged an Equifax executive and an engineer for insider trading in March and June, this year. Huge public backlash followed in the wake of the Equifax breach announcement. While some might think that the Equifax breach was a cornerstone moment in protecting consumer rights after data breaches, things haven't changed at all during the past year. If anything, they left a bad taste in everyone's mouth. For starters, the Consumer Financial Protection Bureau pulled back from a full-scale probe of Equifax in February 2018. In May 2018, the Federal Trade Commission named a former Equifax lawyer head of its consumer protection office that was tasked with investigating Equifax in the first place. A bill introduced to sanction companies like Equifax in case of appalling breaches slowly died out, while another bill that would reward Equifax despite privacy breaches was introduced a few months later. The GAO report released today opens old wounds and comes as a slap in the face of all those affected who expected actions and more than endless talks around the subject. Source
  6. But nothing is what it seems when it comes to Section 702 programs

A closely watched case covering the constitutionality of a spying program has been thrown into disarray after a US government lawyer claimed an assertion at the heart of the lawsuit simply never occurred. Speaking in oral argument [mp3] at the Second Circuit Court of Appeals this week, the government representative told judges that it had not used a so-called "backdoor" search to get information on the plaintiff Agron Hasbajrami, a US citizen. Instead, he argued, the government learned about his activities from intercepted conversations abroad and then went to the special FISC spying court based in Washington DC to authorize surveillance on him. "This is not a criminal case that arose from a so-called backdoor query," he told the judges, claiming that an earlier memorandum by a district court judge made that clear. "Judge Gleeson establishes the order of things. In this case, the government had targeted foreign persons abroad who were discussing matters of international terrorism. After the government learned one of the communicants was a US person in New York, the government sought an order from the FISC and provided probable cause and satisfied the FISC…" That came as news to both the appeals court judges and the defense legal team who have scrutinized Judge Gleeson's memo. It also goes against pretty much everything that had been previously heard and argued in the seven-year case. But the fact that the government lawyer was able to assert such a wildly different series of events to the one everyone else has been assuming - and point to the "ambiguities" in the record to explain the divergence - serves to highlight just how Kafkaesque US spying programs have become.

Constitutionality

Currently the case is focused on whether the collection of data on US citizens located in the US is constitutional given that it occurs under a law that specifically states it is only to be used for non-US citizens based abroad. The key part of the law is called Section 702 and its novel interpretation by the security services was exposed by Edward Snowden in 2013 when he revealed the existence of two spying programs – PRISM and Upstream – that amounted to mass surveillance of the internet and phone networks. Since then there have been repeat efforts to scale back the spying programs, most recently a Congressional battle over reauthorization of Section 702 that sought to require the US government to get warrants before searching its vast 702 database for information on US citizens. That Congressional effort failed and so two civil society groups – the Electronic Frontier Foundation (EFF) and American Civil Liberties Union (ACLU) – have been trying to introduce the same requirement through the law courts by arguing those searches violate the Fourth Amendment on unreasonable search. What happens is this: the US intelligence services use Section 702 to target specific foreign intelligence threats outside the United States. In the modern internet era, the government argues, communications carried out by those people outside the US actually pass through servers based in the US – and so they intercept phone and internet traffic within the US looking for information on them. All that information is held in a database – the Section 702 database – which US government agents can then search at some future date when looking for someone. The data is stored for five years.

Search results

The problem comes when the government then argues it is allowed to search that same database for US citizens, and even that the FBI is allowed to search it for information on US citizens in connection with domestic crimes.
Civil rights advocates argue that this is a clear abuse of the Fourth Amendment and the government should have to do what it does in every other case and go to a judge, prove probable cause, and get a warrant before searching the database for information on a US citizen. The government argues that the database already exists and has been compiled legitimately, so it does not need a warrant because it is not conducting a "new" search. While refusing to say how many US citizens' information have been swept up in the database, the US government says any information it holds on US citizens is merely "incidental" and not intentional. The best guess is that there are more than one billion pieces of information on several hundred thousand Americans in the database. If the government's case sounds like a series of semantic circular arguments that collapse under their own weight, that's because they are and they do. But given the topic – the identification and prosecution of criminals and potential terrorist supporters – key figures in the political and legal systems have been willing to overlook logical inconsistencies in order to preserve the capability. This case – United States v. Hasbajrami – has therefore been held out as a way to finally get the US court system to look at the specific question of whether the gathering of data through Section 702 programs – as they currently exist - is constitutional.

Hypotheticals

In oral argument, the ACLU and EFF lawyers were repeatedly quizzed by one judge over hypothetical situations over when it would be legal to store or use information on someone; hypotheticals that the lawyers pointed out with increasing frustration were premised on the fact that initial data collection was lawful. The main thrust of the legal argument is that the initial collection in this case is not lawful.
There was a lot of discussion about legal precedents and whether they applied to the modern internet era and what legal theories could be used to make the case for greater controls on what the government does with the information it has gathered. But the entire debate was upended when the government's lawyer effectively claimed that the entire debate was moot because it didn't carry out a "backdoor" search in this case but instead followed the correct process and applied for surveillance through the FISC court. To say that the judges and defense were skeptical of this claim would be an understatement. But due to excessive secrecy placed around anything to do with its spying systems in the name of national security, it is difficult to know what is true. As just one example, in an earlier case – that of Adel Daoud – a district judge took the unusual step of ordering the release of a decision by the FISA Court (FISC) to put him under surveillance (after she had viewed it in private), so his lawyers were able to see the evidence being used against their client. The US government fought the release of those documents all the way up to the Supreme Court and won. So Daoud was convicted on the basis of evidence that neither he nor his lawyers have been allowed to see. In this world, the government is in a position to claim pretty much anything it wants safe in the knowledge that no one will be able to prove any different. The reason the Judge Gleeson memo is of such importance is that the judge in that case was able to review the confidential material behind the matter and make his own determination. Now the government is claiming that Gleeson's memo says something different to what everyone else that hasn't seen the evidence believes it does. 

Parallel universe

It is worth noting that the three appeals court judges in this Hasbajrami case have not reviewed the confidential record - with one of them noting in court that he consciously decided not to do so, so there was no risk he would divulge classified information during the hearing. And if you thought all that was weird enough, there's more: the government lawyer acknowledged in the oral hearing that while the government notified Agron Hasbajrami that he has been subject to electronic surveillance under Title I and III of the relevant FISA law when it arrested and charged him, it did not inform him until after he was convicted that he had also been put under Title VII surveillance – a reference to Section 702. The government lawyer inferred this delay was somehow accidental and the government "regretted" it. But Hasbajrami's lawyer argued that the notice delay "wasn't accidental; it was intentional, and represented a system-wide decision not to comply with notice requirements." He asked the judges to consider: "What are they afraid of?" What all that means is that the government appears to be using its sole possession of the full facts of the case to paint a different picture to what really happened. The government's case appears to be that it picked up information from a foreign national outside the US that implicated Hasbajrami and then – noting he was a US citizen in New York – did the right thing and went to the FISA Court, proved probable cause, got a warrant and only then searched the 702 database. The defense is pretty sure the timeline is different: the government saw some kind of connection between Hasbajrami and the foreign national it was watching and immediately searched the 702 database for Hasbajrami. Then it used that evidence to go to the FISA Court to get a warrant.
That may seem like a small thing but it's the difference between the police being allowed to break into your house just to see if there is anything illegal, and having to get a warrant to search your house once they have persuaded a judge there is good reason to suspect something illegal. One is a police state; the other a democracy. The government claims when it comes to electronic surveillance that both scenarios are perfectly legal. But faced with an appeals court that could decide otherwise, it has stated that the first sequence of events - where it followed long-settled law - is true.

Unknown knowns, no?

But of course, in the world of intelligence services where a seemingly clear word is given its own special interpretation, the government representative may claim that he didn't say that at all. And the defense will likely never know one way or another due to not being allowed to view the confidential record. We spoke with one of the EFF's lawyers, Andrew Crocker, who drew up the legal brief and was present in court, to try to make sense of it all. We started by asking him why the claim that a backdoor search wasn't used had suddenly appeared this late in the case. "It's hard to know exactly what the government's position here is," he told us. "The lawyer for the government said that the case did not 'arise' from a backdoor search, but that isn't the same as saying no backdoor search occurred. "The government seemed to be trying to imply that no such search occurred without actually adding any facts to the record to back that up, but the court called it out. I think at the very least the court would be wise to remand to allow the lower court to sort out the facts."
Crocker and his team remain convinced that a backdoor search was used on Hasbajrami so even if the US government succeeds in muddying the timeline of events to such an extent that it becomes hard to make sense of what happened, it is still a case of the government using unconstitutionally gathered information to pursue a case against a US citizen. "It seems that the government had a number of Mr Hasbajrami's emails before applying for warrants to surveil him specifically, suggesting that they had not been investigating him in real time but rather searching its databases for previously acquired communications," Crocker noted. "Our argument still applies," he said. "The court should hold that Fourth Amendment prevents the government from intercepting and retaining Americans' communications and that its use of Hasbajrami's emails was unreasonable." Source
  7. The agency claims Kaspersky to be a “national security threat”

The dispute between the United States government and Russian security vendor Kaspersky continues, and after US authorities banned the company’s antivirus, the FBI is now briefing the private sector with a request to remove the security product from their systems. The FBI wants US-based companies to abandon Kaspersky software, as it considers the company to represent a “threat to national security,” according to a report from CyberScoop. The agency first started pressuring US firms to uninstall Kaspersky security products from their systems earlier this year on a priority basis, with the source revealing via current and former senior US officials familiar with the matter (who asked not to be named because of obvious reasons) that firms in the energy sector and those using industrial control (ICS) and Supervisory Control and Data Acquisition (SCADA) systems are at the top of the list. Companies in the energy sector are receiving particular attention from the FBI, as US authorities are concerned following the recent attacks that took down the electric grid in Ukraine and were linked with Russian hacking groups. Additionally, the FBI has already contacted US tech companies having ongoing deals with Kaspersky, especially if their products are aimed at American businesses and consumers. The reason for the FBI’s push to get rid of Kaspersky’s software is the alleged tie with Russia. The agency claims many of the current employees of the security company are former Russian intelligence agents, and Russian laws could allow the government to control a local firm and use it to spy on other nations.
Kaspersky: We’re not working with any government
Kaspersky has already replied to all these claims, explaining that there are no ties with Russia or with any other government, and the company has even offered to testify before the US Congress and have its source code inspected for any possible malware or surveillance code. “If these briefings are actually occurring, it’s extremely disappointing that a government agency would take such actions against a law-abiding and ethical company like Kaspersky Lab,” the company told the aforementioned source. “The company doesn’t have inappropriate ties with any government, which is why no credible evidence has been presented publicly by anyone or any organization to back up the false allegations made against Kaspersky Lab. The only conclusion seems to be that Kaspersky Lab, a private company, is caught in the middle of a geopolitical fight, and it’s being treated unfairly, even though the company has never helped, nor will help, any government in the world with its cyber-espionage or offensive cyber efforts.” At this point, however, tech giants are the companies that seem to be the least receptive to the FBI’s demands, but the priority currently appears to be firms in the energy and nuclear industries. < Here >
  8. The Trump administration is on the verge of deciding whether to block all federal agencies from using products developed by a popular Russian cyber-security firm, which is under increasing scrutiny for alleged ties to Russian intelligence services, government sources familiar with the matter told ABC News. A final decision could be made in the coming days over whether to strip the Moscow-based firm, Kaspersky Lab, from the General Services Administration's (GSA) list of outside vendors whose products are approved for use by government agencies, the sources said. "That's a big move and is going to have some legal implications," one senior U.S. intelligence official told ABC News. Removing Kaspersky Lab from the list -- known as the "GSA Schedule" -- would likely only impact future contracts, ABC News was told. If the Trump administration does move to block government agencies from using the company's products, it would mark the most significant and far-reaching response yet to concerns among current U.S. officials that Russian intelligence services could try to exploit Kaspersky Lab's anti-virus software to steal and manipulate users' files, read private emails or attack critical infrastructure in the United States. For weeks, the White House, Department of Homeland Security, GSA and other federal agencies have been conducting an "interagency review" of the matter, sources said. The company has repeatedly insisted it poses no threat to U.S. customers and would never allow itself to be used as a tool of the Russian government. Kaspersky Lab's CEO, Eugene Kaspersky, recently said any concerns about his company are based in "ungrounded speculation and all sorts of other made-up things," adding that he and his company "have no ties to any government, and we have never helped, nor will help, any government in the world with their cyber-espionage efforts." 
Nevertheless, the FBI has been pressing ahead with a long-running counterintelligence probe of the company, and in June FBI agents interviewed about a dozen U.S.-based Kaspersky Lab employees at their homes, ABC News was told. In addition, as ABC News reported in May, the Department of Homeland Security in February issued a secret report on the matter to other government agencies. And three months ago, the Senate Intelligence Committee sent a secret memorandum to Director of National Intelligence Dan Coats and Attorney General Jeff Sessions demanding that the Trump administration address "this important national security issue." Despite all the private expressions of concern, the issue was first brought into public view by key members of the Senate Intelligence Committee, who began asking questions about Kaspersky Lab during recent hearings covering global threats to U.S. national security. Lawmakers and other U.S. officials point to Kaspersky Lab executives with previous ties to Russian intelligence and military agencies as reason for concern. Three weeks ago, Sen. Jeanne Shaheen, D-N.H., took legislative steps to ban the U.S. military from using Kaspersky Lab products. There is "a consensus in Congress and among administration officials that Kaspersky Lab cannot be trusted to protect critical infrastructure," Jeanne Shaheen, a New Hampshire Democrat and key member of the Senate Armed Services Committee, said in a statement after introducing an amendment to a Pentagon spending bill. Eugene Kaspersky called Shaheen’s move "an extreme new measure." "Kaspersky Lab is facing one of the most serious challenges to its business yet, given that members of the U.S. government wrongly believe the company or I or both are somehow tied to the Russian government," he recently wrote on his blog. 
"Basically, it seems that because I'm a self-made entrepreneur who, due to my age and nationality, inevitably was educated during the Soviet era in Russia, they mistakenly conclude my company and I must be bosom buddies with the Russian intelligence agencies. ... Yes it is that absurdly ridiculous." U.S. officials have yet to publicly present any evidence indicating concerning links between Kaspersky Lab employees and elements of the Russian government. But one senior U.S. intelligence official said the fact that the U.S. government is considering the drastic step of removing Kaspersky Lab from the GSA's list of approved vendors shows that such concerns are "non-trivial." A company lands on the list after hammering out deals with the GSA, which uses "the government's buying power to negotiate discounted pricing," according to the GSA. Hundreds of "federal customers," and in some cases state and local governments, can then purchase the company's products without having to each negotiate their own prices, the GSA said in a 2015 brochure about its operations. "The buying process is simplified because GSA has completed the bulk of the procurement process on behalf of government buyers," the brochure noted. As of a few years ago, the information technology portion of the GSA Schedule accounted for more than $14 billion of the federal budget, the brochure said. An ABC News investigation earlier this year found that -- largely through outside vendors -- Kaspersky Lab software has been procured by many federal agencies, including the U.S. Bureau of Prisons and some segments of the Defense Department. Kaspersky Lab products are also used in countless American homes, and in state and local agencies across the country. "[W]e've offered the U.S. government any assistance it might need to help clarify the ongoing confusion regarding the falsely perceived threat they wrongly believe our products and technologies pose," Eugene Kaspersky wrote on his blog. 
"We're even willing to meet with any of them and give them our source code to thoroughly review it, as we’ve got nothing to hide. We want the government, our users and the public to fully understand that having Russian roots does not make us guilty." < Here >
  9. The United States government has decided to ban software developed by Russian company Kaspersky Lab due to possible ties to Kremlin and collaboration with local intelligence services. The General Services Administration has confirmed for AFP that Kaspersky is no longer an approved software vendor, which basically means that state departments and federal agencies in the United States are not allowed to buy software from the Russian security vendor. The US government has moved to block federal agencies from buying software from Russia-based Kaspersky Labs, amid concerns about the company's links to intelligence services in Moscow. The General Services Administration, which handles federal government purchasing contracts, said in a statement to AFP that Kaspersky Labs, a major global provider of cybersecurity software, has been removed from its list of approved vendors, making it more difficult to obtain Kaspersky products. "GSA's priorities are to ensure the integrity and security of US government systems and networks and evaluate products and services available on our contracts using supply chain risk management processes," the agency said in a statement. Kaspersky denied all the accusations, explaining in a statement on its website that the company does not have what it described as “inappropriate” ties with any government, adding that it only works with agencies to fight cybercrime. Bloomberg claimed to have obtained internal company emails that served as evidence of a “much closer working relationship” between Kaspersky and FSB, but the security firm says the communication was “misinterpreted or manipulated.” Sources: news.softpedia.com phys.org gadgets.ndtv.com
  10. Microsoft says it won't collaborate with governments on hacking users
Microsoft is one of the companies that took the US government to court over a data request order which it claimed violated the law, and now the software giant is reiterating its support for protecting users by saying that it doesn’t plan to collaborate with authorities on hacking customers. Microsoft President and Chief Legal Officer Brad Smith said in a recent interview that the Redmond-based company is fully committed to working with governments on providing user information when they are legally compelled to, but other than that, there’s no intention of revealing customer data as part of any other programs. “Law enforcement needs information, sometimes it needs it very quickly to save lives. When we get those kinds of requests, or warrants, and when they are lawful, we act quickly. We can do so in a matter of minutes. But when governments go too far, we will say no,” Brad Smith was quoted as saying. “We will not help any government, including our own, hack or attack any customer anywhere. We will turn over data only when we are legally compelled to.”
No information from Wikileaks
Speaking about the recent revelations from Wikileaks, Brad Smith explained that no information was received by the company via official channels, despite recent reports that tech companies had been provided with a 90-day window to address security vulnerabilities. “The reality is throughout the tech sector, we haven't yet started to receive information from Wikileaks. We'll all learn more when we get the information. So far we know the same things journalists do. Any day that we learn and read about more governments taking more steps to hack their way into private technology is a day our concerns should grow,” Smith said. 
Microsoft is currently fighting in court a US government order to provide access to user data stored overseas, with the company claiming that such warrants should only be valid for information that is located within the country and not beyond its borders. Additionally, Microsoft has received the support of several other tech companies, including Cisco and long-time rival Apple, who also believe that data requests must only target data centers in the country. Source
  11. Microsoft previously argued that gag orders are often used for crimes not involving national security. Microsoft can pursue its legal challenge against the US government, a federal court has ruled, in a case in which the software giant argues that government gag orders are unconstitutional. The judge said Microsoft made a reasonable argument that gag orders, issued by government agencies to prevent the company from telling the customer of an investigation, violate its constitutional rights to free speech. Judge James Robart upheld those First Amendment rights in his ruling Thursday, but declined its Fourth Amendment argument against unreasonable searches and seizures, saying that overturning the precedent would need to go to a higher court. "Microsoft alleges that indefinite nondisclosure orders implicate its First Amendment rights because the orders impinge on its right to speak about governmental affairs and the public's right to access search warrants," said Robart in his ruling. Microsoft brought the case in April last year, arguing that the government should not be allowed to prevent a company from telling a customer when their data has been turned over to investigators. These gag orders can be used in cases where national security is at risk, such as terrorism investigations, but are often used for low-level cases and non-national security related matters. According to the briefs filed by dozens of US organizations -- including Apple, Fox News, and Twitter -- thousands of gag orders were for an "unlimited or indefinite duration," meaning the companies may never be allowed to disclose the orders to anyone. In Microsoft's case, it was in possession of almost 2,600 separate secrecy orders. "We're pleased this ruling enables our case to move forward toward a reasonable solution that works for law enforcement and ensures secrecy is used only when necessary," said Brad Smith, Microsoft's chief legal officer, in a statement. A spokesperson for the Justice Dept. was not immediately available. By Zack Whittaker http://www.zdnet.com/article/microsoft-allowed-to-sue-government-over-gag-orders-court-decides/
  12. The U.S. military is being accused of installing 'pirated' copies of 3D virtual reality software onto hundreds of thousands of computers without permission. Bitmanagement, the makers of the software, accuse the Navy of willful copyright infringement and are suing the Government for more than half a billion dollars in unpaid licenses. In recent years the U.S. Government has taken an aggressive stance towards copyright infringement, both at home and abroad. However, that doesn’t mean that the Government always sticks to the rules, quite the contrary. In a recent lawsuit it stands accused of willful copyright infringement on a massive scale. The case centers around “BS Contact Geo,” a 3D virtual reality application developed by the German company Bitmanagement. The Navy was enthusiastic about the geographical modeling capabilities of the software and in 2011 and 2012 it agreed to license its use for 38 computers. “Those individual PC-based licenses authorized the Navy to install BS Contact Geo on a total of just 38 computers for the purposes of testing, trial runs, and integration into Navy systems,” the software vendor states in the federal claims court complaint (pdf). After testing the application for a while, both parties started negotiating the licensing of additional computers. However, before any deals were made, the software maker learned that the Navy had already installed it on over 100,000 computers. According to emails Bitmanagement executives received in 2013, the software had been rolled onto at least 558,466 computers on the Navy’s network, without their permission. “Even as it negotiated with Bitmanagement over the proposed large-scale licensing of its product, the Navy was simultaneously copying and installing that software, without Bitmanagement’s advance knowledge or authorization, on a massive scale,” the complaint reads. 
In addition, the Navy allegedly disabled the software that is supposed to track on how many computers the software is being used. This violation of the terms of service prevents the software vendor from stopping the unauthorized copying. “To make matters worse, starting in 2014, the ‘Flexwrap’ software intended to track the Navy’s use and duplication of BS Contact Geo on Navy computers was disabled,” the complaint explains. “This change made it impossible for Bitmanagement to know the scope of the deployment and use of BS Contact Geo on unlicensed machines or to limit that use,” the company adds. The software vendor says that the willful copyright infringement has caused injury to its business and rights. As a result, they’re now demanding compensation for the damage that was caused, to a total of nearly $600 million. Installing BS Contact Geo onto a single PC cost roughly $1067 at the time, so Bitmanagement claims that it is entitled to at least $596,308,103 in unpaid licensing fees. For comparison, that is more than the damages Kim Dotcom and Megaupload have caused copyright holders, according to the United States. And that case was billed by the FBI as one of the “largest criminal copyright cases” in history. Interestingly this is not the first time that the U.S. military has been “caught” pirating software. A few years ago it was accused of operating unlicensed logistics software, a case the Obama administration eventually settled for $50 million. Article source
  13. Group behind the attack is named Sofacy (APT28, Fancy Bear)
Cyber-espionage campaign uses new evasion technique
On May 28, 2016, a Russian-linked cyber-espionage group sent a spear-phishing email to a US government official from an infected computer in the IT network of another country's Ministry of Foreign Affairs. The email contained an RTF document called Exercise_Noble_Partner_16.rtf, referring to a joint US-Georgian military exercise. According to Palo Alto Networks, opening this file would trigger the CVE-2015-1641 exploit, which would download and place two DLL files (btecache.dll and svchost.dll) on the victim's computer. Security researchers claim that these two files load a Carberp variant of the Sofacy trojan used by the Sofacy cyber-espionage group. This group has affiliations to Russian military intelligence service GRU and is also known under names like Fancy Bear, APT28, Sednit, Pawn Storm, or Strontium.
Sofacy finds new method to launch malicious process
Palo Alto researchers said that there was something that caught their eye during this most recent Sofacy campaign. The group had apparently come up with a never-before-seen trick to gain persistence on infected devices. While most malware adds a registry key to start its malicious process when the computer boots up, Sofacy's malware used a different technique. The hackers opted to start their malware only when the user opens a Microsoft Office product such as Word, PowerPoint or Excel. "This is the first time Unit 42 has seen the Sofacy group, or any other threat group for that matter, use this tactic for persistence purposes," Palo Alto's Robert Falcone and Bryan Lee noted. "An added benefit for the threat actor to using this specific tactic for persistence is that it requires user interaction to load and execute the malicious payload, which can cause challenges for detection in automated sandboxes." 
Polish malware researcher Prevenity also analyzed the same malware and saw the same adapted registry key entry.
Software\Microsoft\Office test\Special\Perf\: “C:\Users\[username]\AppData\Roaming\btecache.dll”
Sofacy made many mistakes
Luckily for the security researchers, there were some inconsistencies in the group's operation. First of all, the RTF document never showed any content to the user, alerting him that something was wrong. Secondly, as Palo Alto noted, the group had recycled IP addresses and C&C server domains from past campaigns. Palo Alto couldn't tell if this was because of laziness or for a lack of resources at the time of the attack. The end result is that Sofacy wasted a novel malware persistence technique that could easily evade most sandbox analysis operations, all because it didn't pay enough attention to the smaller details. Now that security firms are aware of this trick, their security products will no doubt scan for and detect this new mechanism. Also today, CrowdStrike revealed another Sofacy attack, this one on the Democratic National Committee network, from where the group stole documents about the party's main rival, Donald Trump. Article source
  14. Three-quarters of the government's IT budget goes to supporting legacy systems, some of which date back to the 1970s
The US government spent most of its annual IT budget last year on maintaining systems that, in some cases, are decades-old -- largely because of an "if it ain't broke" mentality. But the problem is that some of the tech is broken, vulnerable, and out of date -- and it's starting to reach a breaking point. A report from the Government Accountability Office (GAO) shed light on how big the problem is. According to the report, published Wednesday, the federal government spent $80 billion on IT systems in 2015, but $61 billion was spent on operations and maintenance. The rest was on development and enhancement, such as purchasing new systems or expanding existing ones. Here's how bad it is: A system used by the Justice Dept. to monitor security and custody levels and inmate population information still uses COBOL, a programming language that dates back to the post-World War era. A system that tracks incidents involving hazardous materials used by the Transport Dept. is more than four decades old. A number of servers at Homeland Security still run Windows Server 2003, which hasn't been supported for almost a year, but these servers won't be transitioned to federal systems until 2018 because of backwards-compatibility issues. And, a nuclear weapons coordination system used by the Defense Dept. is still running on an IBM Series/1 computer -- a machine that dates back to the 1970s and uses 8-inch floppy disks. On the bright side, the Defense Dept. told the oversight watchdog that it has plans to update some of its nuclear systems by the end of 2017. Rep. Jason Chaffetz (R-UT, 3rd), the chairman of the House Government and Oversight Committee, said in a hearing shortly after the report's release that the government's IT spending "largely doesn't work." 
The situation is so bad that Chaffetz said some government agencies are still running Windows 3.1, an operating system that dates back more than two decades. Commerce, Defense, Treasury, Health and Human Services, and Veterans Affairs were named in the report as using the outdated Microsoft software. The agency officials summoned to the committee argued that some of the older systems still work -- and any upgrades have been pushed to the bottom of the pile in favor of other IT spending. With those older systems, the report argued that many government agencies are exposed to security vulnerabilities and flaws because the vendors no longer provide support for old software and systems. For the upcoming 2017 fiscal year, the Obama administration asked for an 11 percent increase to $89 billion for the administration's annual IT budget. The Source
  15. Not happy with registration requirements
The Chinese government could fragment the internet if it pursues new registration rules for online addresses, the US government has warned. The warning by assistant commerce secretary Larry Strickling and state department ambassador Daniel Sepulveda comes in response to a decision by the Chinese government in March to require all domain names in China to be registered through government-licensed providers based in the country. China has long had restrictive policies on what people can do online but the new rules, updated for the first time in over a decade, specifically note that any company providing online addresses "shall have the capability to engage in real name verification and users' personal information protection". In other words, every domain name owner will be known personally to the Chinese government. This approach "runs contrary to China's stated commitments toward global Internet governance processes as well as its stated goals for economic reform," argued Strickling and Sepulveda in a letter made public in a blog post on Monday. "The regulations appear to create a barrier to access and force localization of data and domestic registration of domain names," they add. "Whether driven by a motivation to increase control over Internet content in China or a desire to increase the quantity of Chinese-registered domain names, these regulations would contravene policies that have been established already at the global level by all Internet stakeholders (including Chinese)." The letter also warns that the rules have been "interpreted by some" to suggest that "all websites with domain names registered outside China will be blocked, thereby cutting off Chinese Internet users from the global Internet." 
Such an approach would "contravene, undermine, and conflict with current policies for managing top level domains that emerge from the Internet Corporation for Assigned Names and Numbers (ICANN), which follows a multistakeholder model in its community-based and consensus-driven policymaking approach," the letter warns. It concludes with a strong warning about the potential impact: "By creating its own rules for domain name management, China is threatening to fragment the Internet, which would limit the Internet’s ability to operate as a global platform for human communication, commerce, and creativity."
Influence
China is an increasingly powerful force on the internet. For every huge Western internet company, China has an equivalent, and in many cases a larger one. Weibo is Twitter; Baidu is Google; Tencent is Amazon; Renren, Facebook; and Alibaba is literally the only reason Yahoo! still exists. This impact and influence has raised concerns among lawmakers in the US and beyond that the Chinese government may soon start to undermine the internet's very openness. In recent months, Republican senators have been especially vocal about this risk, particularly given the plan for the US government to hand over control of the internet's critical IANA contract to non-profit Californian corporation ICANN in September, and ICANN's unusual relationship with the Chinese government. Fears of greater Chinese influence over ICANN have also been fueled by the decision of outgoing CEO Fadi Chehade to act as the front man for the Chinese government's new internet governance initiative, the World Internet Conference. The Obama Administration and ICANN have also been persistently goaded by Wall Street Journal columnist Gordon Crovitz about the influence of the Chinese government and the plans to hand over the IANA contract. 
Crovitz's columns have been used by Republicans in Congress to raise doubt over the IANA transition, to the extent that secretary Strickling even posted a rebuttal to one of his columns. China has long taken a different approach to how the internet is handled within the country, even going to the extraordinary step of creating a highly complex country-wide censorship apparatus called the Great Firewall of China. Its approach has become increasingly popular among other authoritarian regimes, including Russia, which are trying to balance the huge advantages that the internet brings while limiting its extraordinary ability to share information and allow for anonymous criticism (the Arab Spring being a case in point). The world's governments have long acknowledged that what countries do within their own borders is largely their own business. But in this case, the US government clearly feels that by threatening to systematically prevent the world from communicating with its citizens except on the government's terms, it is pushing that principle too far. The Source
  16. An idea the government has been kicking around since 2011 is finally making its debut. Calling this move ill-timed would be the most gracious way of putting it. A few years back, the White House had a brilliant idea: Why not create a single, secure online ID that Americans could use to verify their identity across multiple websites, starting with local government services. The New York Times described it at the time as a "driver's license for the internet." Sound convenient? It is. Sound scary? It is. Next month, a pilot program of the "National Strategy for Trusted Identities in Cyberspace" will begin in government agencies in two US states, to test out whether the pros of a federally verified cyber ID outweigh the cons. The NSTIC program has been in (slow) motion for nearly three years, but now, at a time when the public's trust in government is at an all time low, the National Institute of Standards and Technology (NIST -- itself still reeling a bit from NSA-related blowback) is testing the program in Michigan and Pennsylvania. The first tests appear to be exclusively aimed at accessing public programs, like government assistance. The government believes this ID system will help reduce fraud and overhead, by eliminating duplicated ID efforts across multiple agencies. But the program isn't strictly limited to government use. The ultimate goal is a replacement of many logins and passwords people maintain to access content and participate in comment threads and forums. This "solution," while somewhat practical, also raises considerable privacy concerns. [T]he Electronic Frontier Foundation immediately pointed out the red flags, arguing that the right to anonymous speech in the digital realm is protected under the First Amendment. It called the program "radical," "concerning," and pointed out that the plan "makes scant mention of the unprecedented threat such a scheme would pose to privacy and free speech online." 
And the keepers of the identity credentials wouldn't be the government itself, but a third party organization. When the program was introduced in 2011, banks, technology companies or cellphone service providers were suggested for the role, so theoretically Google or Verizon could have access to a comprehensive profile of who you are that's shared with every site you visit, as mandated by the government. Beyond the privacy issues (and the hints of government being unduly interested in your online activities), there are the security issues. This collected information would be housed centrally, possibly by corporate third parties. When hackers can find a wealth of information at one location, it presents a very enticing target. The government's track record on protecting confidential information is hardly encouraging. The problem is, ultimately, that this is the government rolling this out. Unlike corporations, citizens won't be allowed the luxury of opting out. This "internet driver's license" may be the only option the public has to do things like renew actual driver's licenses or file taxes or complete paperwork that keeps them on the right side of federal law. Whether or not you believe the government's assurances that it will keep your data safe from hackers, keep it out of the hands of law enforcement (without a warrant), or simply not look at it just because it's there, matters very little. If the government decides the positives outweigh the negatives, you'll have no choice but to participate. Source